Have some questions on the salt client and vbash shell integration

mattwan · October 14, 2018, 9:50am

I’ve been poking around the rc2 build, and got the salt client up and running. Some observations

salt-minion has to run as root - this is quite normal on the server side. Attempting to run as a non privileged user (Given that vyos users aren’t root, I thought it’d be worth a punt) fails as zeromq needs root permissions to start. I can have a look into sudo permissions to enable this later on if required.

vyos@vyos# bash -c systemctl restart salt-minion
UNIT LOAD ACTIVE SUB DESCRIPTION
proc-sys-fs-binfmt_misc.automount loaded active waiting Arbitrary Executable File Formats File Sy
sys-devices-pci0000:00-0000:00:01.1-ata2-host1-target1:0:0-1:0:0:0-block-sr0.device loaded active plugged
sys-devices-pci0000:00-0000:00:05.0-virtio1-host2-target2:0:0-2:0:0:0-block-sda-sda1.device loaded active p
sys-devices-pci0000:00-0000:00:05.0-virtio1-host2-target2:0:0-2:0:0:0-block-sda.device loaded active plugge
2018-10-14 08:49:47,130 [salt.log.setup ][ERROR ] An un-handled exception was caught by salt’s global exception handler:
ZMQError: Permission denied
Traceback (most recent call last):
File “/usr/bin/salt-minion”, line 14, in
salt_minion()
File “/usr/lib/python2.7/dist-packages/salt/scripts.py”, line 35, in salt_minion
minion.start()
File “/usr/lib/python2.7/dist-packages/salt/init.py”, line 224, in start
self.minion.tune_in()
File “/usr/lib/python2.7/dist-packages/salt/minion.py”, line 442, in tune_in
self.epub_sock.bind(epub_uri)
File “zmq/backend/cython/socket.pyx”, line 444, in zmq.backend.cython.socket.Socket.bind (zmq/backend/cython/socket.c:4089)
File “zmq/backend/cython/checkrc.pxd”, line 21, in zmq.backend.cython.checkrc._check_rc (zmq/backend/cython/socket.c:6248)
raise ZMQError(errno)
ZMQError: Permission denied
…skipping…

From the salt master, I can run normal bash commands, but can’t get direct access to the full vbash shell:

salt vyos cmd.run ‘show interfaces’

vyos:
/bin/sh: show: command not found
ERROR: Minions returned with non-zero exit code

If I use the API, it works.

salt vyos cmd.run ‘cli-shell-api showCfg interfaces’

vyos:
ethernet eth0 {
address 192.168.103.30/24
duplex auto
smp-affinity auto
speed auto
}
loopback lo {
}

I have a limited understanding of how to get the full shell working. Simple attempts like this don’t work:

salt vyos cmd.run 'sudo -u vyos /bin/vbash -c ". /home/vyos/.bashrc ; show " ’

vyos:

  Invalid command: [show]

Is there an easier way of doing this, or do I need to use the bash API wrapper directly?

If I can get a better understanding of how to make native vbash calls from salt, I’m happy try and get this working the next week or so.

Once we have the ability to run native commands via salt minion, I’ll have a look at how we can add a napalm module using the minion directly. The Arista EOS napalm module (napalm-eos/eos.py at develop · napalm-automation/napalm-eos · GitHub) is a very similar approach, and after an initial glance, looks like mainly syntax changes are needed.